
Found & Removed Trojan.Win32.Generic!BT - but System Still Unusable


12 replies to this topic

#1 WingMan71

WingMan71


Posted 14 September 2015 - 09:16 AM

Hello Bleeping Computer,

You folks helped me get rid of a virus on this same computer about two or three years ago, but now it seems I'm infected again.

About a month or so ago I found the Trojan.Win32.Generic!BT virus on my system. It was actually hiding on my external USB hard drive, which is why I didn't find it right away. Once I scanned the external hard drive with VIPRE Internet Security 2014, it found that virus and removed it.

However, there must still be something hiding somewhere since my system is nearly unusable after about 10 to 15 minutes of working on just one or two apps.

Hardware:

Dell Inspiron 3847

8GB of RAM

Windows 7 Home Premium (current with all updates)

Symptoms:

Computer boots and runs regularly for about 10 or 15 minutes of operation. I'm typically only running Firefox and Microsoft Word 2010 and maybe one other app.

After about 10 to 15 minutes, the apps all start "not responding". It's usually Firefox (which I've already reset) that locks up first. Then Word gives the same "not responding" message in the title bar. Eventually all apps are frozen with the "not responding" message.

I can't close the apps. CTRL-ALT-DEL will NOT bring up the Task Manager. I can't even get to the task bar to shut down the computer properly. The only way I can shut down is to pull the plug on the computer and then plug it back in a minute or two later.

So, basically the computer is unusable at this point.

What I've done So Far:

I could not get logged back into Bleeping Computer with my old credentials (username BugOutBob) for some reason, so I looked for other advice on troubleshooting. I made a new user account for me now as WingMan71.

I ran the usual programs that your site normally recommends as well: MBAM, TDSSKiller, RKill, Hitman Pro, ADWCleaner, Junkware removal tool. A couple of these programs found a thing or two, but nothing really malicious.

I also just ran SFC (System File Checker) this morning, and it found no problems.

All that said, I'm still left with a computer that is pretty much useless after 10 or 15 minutes of use.

HELP PLEASE!

 




 


#2 crisis2k

crisis2k


Posted 14 September 2015 - 10:48 AM

Are you sure it was infected from USB? I surveyed your symptoms.

It sounds like one of the serious infections. I think your computer is dominated by something big.

Trojan.Win32.Generic!BT is nothing special; it is just one of the VIPRE codes.

I have used TDSSKiller hundreds of times before, but it did not help at all.

Please tell me whether you are using a 32-bit or 64-bit OS, and whether you have used RogueKiller before.

Thank you.


:welcome: My Name is Philip You Can Call Me Phil
Thank You I'll be there anytime you need help :rolleyes:


#3 WingMan71

WingMan71
  • Topic Starter


Posted 14 September 2015 - 12:20 PM

crisis2k,

Yes, according to VIPRE, the infection was on the external USB hard drive. 64-bit system.

Have not used roguekiller.

Symptoms now getting WORSE!

I don't even have to have any apps at all running for it to lock up. If I just let the computer sit at the desktop with no apps running, 5 to 10 minutes later it's completely frozen. Can't even do a normal Windows shut-down. Have to pull the plug to reboot.

Thanks.


Edited by WingMan71, 14 September 2015 - 12:28 PM.


#4 crisis2k

crisis2k


Posted 14 September 2015 - 06:32 PM

WingMan71, if it really came from USB, then maybe it is a very bad one.

I guess your computer is not in good condition for removing malware because it freezes easily.

You are using Windows 7 64-bit, right? This is important; tell me exactly what it is.

If your system is fully dominated by some kind of rootkit/autoruns, then diagnostics will get much worse.

I recommend seriously considering formatting the system and reinstalling Windows.

If you don't mind formatting the system, and you will endure all kinds of hardships to resolve this,

then please follow this process first:

1. If VIPRE diagnosed a malicious USB drive, then check for your USB device on the desktop.
    If there is actually a USB device attached to the computer, then separate the USB device from the computer
    and check whether the system freezes or not for about 30 minutes.

2. Then reboot the computer in Safe Mode (with Networking).
    When the boot completes, check whether the system freezes or not for about 30 minutes.

3. When you have done steps 1 and 2, send me the result.


:welcome: My Name is Philip You Can Call Me Phil
Thank You I'll be there anytime you need help :rolleyes:


#5 WingMan71

WingMan71
  • Topic Starter


Posted 14 September 2015 - 07:21 PM

crisis2k,

Thanks for your reply, but when I read the forum rules it stated to ONLY accept troubleshooting action advice from the list of several usernames who are the BleepingComputer experts. It also stated that even though other members are allowed to post in this forum they should not recommend any actions or the running of any programs.

I believe that I'll follow the forum rules and only accept advice on running any programs or troubleshooting, etc., from the list of forum experts.

Thanks for your post regardless.



#6 Sintharius

Sintharius

    Bleepin' Sniper



Posted 16 September 2015 - 02:20 PM

Hello WingMan71,

Just to clarify the rules in Am I Infected - anyone can help, but the choice to follow instructions is yours.

Let's see what we can dig up...

MiniToolbox by Farbar

Disable your antivirus if it does not allow you to download the tool!
Please download MiniToolBox, save it to your desktop and run it.
Place a checkmark in Select all, then click Go and post the result (MTB.txt). A copy of Result.txt will be saved in the same directory the tool is run.

===

Security Check by screen317
  • Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt. Please copy and paste the contents of the log in your next reply.

Regards,
Alex

#7 WingMan71

WingMan71
  • Topic Starter


Posted 16 September 2015 - 03:16 PM

Hello Alex,

Thanks very much for the reply and for getting me straight on the forum rules. (I'm a stickler for following forum rules!)

I have an interesting update for you on my situation, which I'll tell you about first.

UPDATE: One thing that I noticed when this all started happening (back when my VIPRE Antivirus program found the virus on my system) is that in addition to all of the other symptoms I had I also noticed that VIPRE would load dead last and very late upon bootup. This was not normal at all, so I began to suspect that the VIPRE program itself had been infected and was compromised.

Since my VIPRE subscription was due to expire in a couple of weeks, I decided to get rid of it in case it actually was infected. So, late yesterday I uninstalled VIPRE and then installed Bitdefender Antivirus Plus 2015.

I did a full system scan with Bitdefender, which took over two hours. It found nothing on my hard drive or on my external USB backup hard drive.

I've been running my computer all day now since 8:00 AM. It's now 4:00 PM. I have not had ANY of my previous terrible symptoms display themselves at all. No freezing ("not responding") apps. No inability to call up Task Manager. No inability to do a normal Windows shut down. Plus the system is running all my usual apps quite efficiently and with good speed.

I don't want to talk too soon, but perhaps I've fixed the problem by dumping the possibly infected antivirus program and replacing it with a new one.

What I would like to do is to run my system for a day or two more and see if any of the original symptoms return or not. If so, then I'll pick up where we left off and run your suggested programs and post up the log files. If it continues to run fine like today, then I think it's fixed.

What do you think? Good plan or not?

Let me know...

Bob


Edited by WingMan71, 16 September 2015 - 03:22 PM.


#8 Sintharius

Sintharius

    Bleepin' Sniper



Posted 16 September 2015 - 03:51 PM

Hi there,

I have to admit, I'm not a big fan of ThreatTrack Vipre - in most of the AV tests it always comes in dead last.

I doubt Vipre would be infected by itself though - please run the aforementioned tools and post the logs, as a checkup is always better just in case... and absence of symptoms does not mean there is no infection.

Regards,
Alex

#9 WingMan71

WingMan71
  • Topic Starter


Posted 16 September 2015 - 05:18 PM

Hello again Alex,

Here are my log files:

MTB.txt


MiniToolBox by Farbar  Version: 25-07-2015 01
Ran by Bob (administrator) on 16-09-2015 at 18:04:10
Running from "C:\Users\Bob\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: Inspiron 3847 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
Dell Wireless 1705 802.11b/g/n (2.4GHZ) = Wireless Network Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Bob-Dell-3000
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Bluetooth Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network) #2
   Physical Address. . . . . . . . . : 48-5A-B6-A9-05-8C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Dell Wireless 1705 802.11b/g/n (2.4GHZ)
   Physical Address. . . . . . . . . : 48-5A-B6-A9-05-8B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::a8c3:2da4:35eb:edf%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.49(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, September 16, 2015 2:31:31 PM
   Lease Expires . . . . . . . . . . : Thursday, September 17, 2015 2:31:31 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 239622838
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-61-6E-A0-C8-1F-66-3B-28-0E
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : C8-1F-66-3B-28-0E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::c0a1:311c:e09f:bfa7%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.76(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, September 16, 2015 2:30:28 PM
   Lease Expires . . . . . . . . . . : Thursday, September 17, 2015 2:30:28 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 247996262
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-61-6E-A0-C8-1F-66-3B-28-0E
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{40BD4CA9-3DCB-40C2-9EBB-BB5509214450}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{C29306B6-6914-487A-9785-D4ED8F45549B}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{DACE5F9A-A2FD-48E6-8452-B9C522133ACE}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  www.asusnetwork.net
Address:  192.168.1.1

Name:    google.com
Addresses:  2607:f8b0:4002:c06::66
      74.125.21.139
      74.125.21.101
      74.125.21.102
      74.125.21.113
      74.125.21.138
      74.125.21.100


Pinging google.com [74.125.21.100] with 32 bytes of data:
Reply from 74.125.21.100: bytes=32 time=12ms TTL=44
Reply from 74.125.21.100: bytes=32 time=11ms TTL=44

Ping statistics for 74.125.21.100:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 11ms, Maximum = 12ms, Average = 11ms
Server:  www.asusnetwork.net
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
      2001:4998:c:a06::2:4008
      2001:4998:44:204::a7
      98.138.253.109
      98.139.183.24
      206.190.36.45


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=76ms TTL=51
Reply from 206.190.36.45: bytes=32 time=77ms TTL=51

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 76ms, Maximum = 77ms, Average = 76ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 16...48 5a b6 a9 05 8c ......Bluetooth Device (Personal Area Network) #2
 13...48 5a b6 a9 05 8b ......Dell Wireless 1705 802.11b/g/n (2.4GHZ)
 11...c8 1f 66 3b 28 0e ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 31...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 18...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.76     10
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.49     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.76    266
      192.168.1.0    255.255.255.0         On-link      192.168.1.49    281
     192.168.1.49  255.255.255.255         On-link      192.168.1.49    281
     192.168.1.76  255.255.255.255         On-link      192.168.1.76    266
    192.168.1.255  255.255.255.255         On-link      192.168.1.76    266
    192.168.1.255  255.255.255.255         On-link      192.168.1.49    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.76    266
        224.0.0.0        240.0.0.0         On-link      192.168.1.49    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.76    266
  255.255.255.255  255.255.255.255         On-link      192.168.1.49    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    266 fe80::/64                On-link
 13    281 fe80::/64                On-link
 13    281 fe80::a8c3:2da4:35eb:edf/128
                                    On-link
 11    266 fe80::c0a1:311c:e09f:bfa7/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    266 ff00::/8                 On-link
 13    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 09 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 09 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/16/2015 02:31:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/16/2015 08:46:08 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (09/16/2015 08:30:35 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2015 09:17:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2015 08:21:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2015 04:15:33 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2015 02:06:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2015 09:17:08 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2015 08:19:13 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (09/15/2015 07:53:46 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/16/2015 08:54:15 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer LINDA-DELL-660
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{DACE5F9A-A2FD-48E6-8452-B9C522133ACE}.
The master browser is stopping or an election is being forced.

Error: (09/15/2015 08:20:32 PM) (Source: BugCheck) (User: )
Description: 0x0000004a (0x0000000076dcda2a, 0x0000000000000002, 0x0000000000000000, 0xfffff88008220b60)C:\Windows\MEMORY.DMP091515-44585-01

Error: (09/15/2015 08:20:31 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 8:17:38 PM on ‎9/‎15/‎2015 was unexpected.

Error: (09/15/2015 04:34:47 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{DACE5F9A-A2FD-48E6-8452-B9C522133ACE}.
The backup browser is stopping.

Error: (09/15/2015 03:06:21 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{DACE5F9A-A2FD-48E6-8452-B9C522133ACE}.
The backup browser is stopping.

Error: (09/15/2015 02:29:50 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer LINDA-DELL-660
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{DACE5F9A-A2FD-48E6-8452-B9C522133ACE}.
The master browser is stopping or an election is being forced.

Error: (09/15/2015 07:51:58 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 4:00:48 PM on ‎9/‎14/‎2015 was unexpected.

Error: (09/14/2015 01:37:10 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{DACE5F9A-A2FD-48E6-8452-B9C522133ACE}.
The backup browser is stopping.

Error: (09/14/2015 01:14:53 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 11:10:57 AM on ‎9/‎14/‎2015 was unexpected.

Error: (09/14/2015 10:29:35 AM) (Source: DCOM) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}


Microsoft Office Sessions:
=========================
Error: (09/16/2015 02:31:41 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/16/2015 08:46:08 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (09/16/2015 08:30:35 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2015 09:17:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2015 08:21:41 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2015 04:15:33 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2015 02:06:55 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2015 09:17:08 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2015 08:19:13 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (09/15/2015 07:53:46 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2015-07-27 10:39:19.555
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-27 10:39:19.524
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.12 - Adobe Systems)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AiO_Scan (HKLM-x32\...\{655CB07D-C944-40BE-B93F-55957CAC7625}) (Version: 47.0.1.000 - Hewlett-Packard) Hidden
ANT Drivers Installer x64 (HKLM\...\{A02609EB-395E-4638-8DD7-30CE043014E5}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version:  - AOL Inc.)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Bitdefender Antivirus Plus 2015 (HKLM\...\Bitdefender) (Version: 19.2.0.151 - Bitdefender)
Canon Auto Update Service (HKLM-x32\...\Auto Update Service) (Version: 1.1.0.13 - Canon Inc.)
Canon DIGITAL CAMERA Solution Disk Software Guide (HKLM-x32\...\Software Guide) (Version: 1.6.0.1 - Canon Inc.)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.9.0.8 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.8.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.9.0.6 - Canon Inc.)
Canon PowerShot ELPH 310 HS_IXUS 230 HS Camera User Guide (HKLM-x32\...\CameraUserGuide-PSELPH310HS_IXUS230HS) (Version: 1.0.0.1 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC8) (Version: 8.6.0.11 - Canon Inc.)
Canon Utilities CameraWindow Launcher (HKLM-x32\...\CameraWindowLauncher) (Version: 7.6.0.1 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.3.0.3 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.5.0.1 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.8.0.10 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.6.0.15 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.0.3 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.0.3 - Dell Inc.)
Dell Data Vault (HKLM\...\{2E55EEFD-2162-4A7D-9158-EDB0305603A6}) (Version: 4.3.4.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.0.47 - Dell)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Elevated Installer (HKLM-x32\...\{D968FBF3-E4A6-4D82-981D-D7FF9B7BFC30}) (Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{560D64A9-BDFD-44B7-90D1-8FBBED7F4A19}) (Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{817c6bb8-ea2d-4e12-abbc-e33c3de43f64}) (Version: 3.2.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (HKLM-x32\...\{6D181996-F404-4639-9B95-15012541CB7C}) (Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.242 - SurfRight B.V.)
HL-2270DW (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
HP Image Zone 4.7 (HKLM-x32\...\HP Photo & Imaging) (Version: 4.7 - HP)
HP PSC & OfficeJet 4.7 (HKLM-x32\...\{5469D537-9B44-4c78-BF2D-5F9807564F74}) (Version:  - HP)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3272 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.7.3.1001 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Junk Mail filter update (HKLM-x32\...\{400C31E4-796F-4E86-8FDC-C3C4FACC6847}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
QFolder (HKLM-x32\...\{8777AC6D-89F9-4793-8266-DE406F343E89}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.230 - Qualcomm Atheros Communications)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
Scan (HKLM-x32\...\{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}) (Version: 4.5.0.0 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Snagit 12 (HKLM-x32\...\{ae5218bf-cfcc-4099-818d-7e16ce0d97df}) (Version: 12.4.0.2992 - TechSmith Corporation)
Snagit 12 (HKLM-x32\...\{BDFD9ADC-3F97-4A8A-A533-987B21776449}) (Version: 12.4.0 - TechSmith Corporation) Hidden
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
WD Drive Utilities (HKLM-x32\...\{C093AD5D-29E9-4777-AAAC-28C02FCC2A51}) (Version: 1.0.4.11 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{63911503-7EA4-4685-B2FD-D391EF622FB9}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{90C3D9C7-2F83-4399-8E28-A00228CFFDF8}) (Version: 1.0.7.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{34C6812E-E231-4B13-9DAC-21E06ECA864A}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{1ec9e03a-452b-48fb-8e1b-27ee0477985f}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DF}) (Version: 18.0.10661 - WinZip Computing, S.L. )

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 33%
Total physical RAM: 8108.95 MB
Available physical RAM: 5394.73 MB
Total Virtual: 16216.1 MB
Available Virtual: 13180.4 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:909.81 GB) (Free:774.69 GB) NTFS
3 Drive f: (My Passport) (Fixed) (Total:931.48 GB) (Free:760.1 GB) NTFS
4 Drive w: (RECOVERY) (Fixed) (Total:21.67 GB) (Free:11.68 GB) NTFS

========================= Users: ========================================

User accounts for \\BOB-DELL-3000

Administrator            Bob                      Guest                    

========================= Minidump Files ==================================

C:\Windows\Minidump\061415-30092-01.dmp
C:\Windows\Minidump\061715-16208-01.dmp
C:\Windows\Minidump\091515-44585-01.dmp
========================= Restore Points ==================================

06-09-2015 22:18:55 Windows Update
09-09-2015 18:53:01 Windows Update

**** End of log ****
 

Checkup.txt

 

Results of screen317's Security Check version 1.008  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Bitdefender Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 18.0.0.232  
 Adobe Reader XI  
 Mozilla Firefox (40.0.3)
````````Process Check: objlist.exe by Laurent````````  
 Bitdefender Bitdefender 2015 vsserv.exe  
 Bitdefender Bitdefender 2015 updatesrv.exe  
 Bitdefender Bitdefender 2015 bdagent.exe  
 Bitdefender Bitdefender 2015 bdwtxag.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 

Thanks again for your help with this!

 

Bob



#10 Sintharius


Posted 17 September 2015 - 03:42 AM

Is your HitmanPro installation free or paid?

We can run these and see if they get anything.

Malwarebytes Anti-Malware

Download Malwarebytes Anti-Malware from here.

Double click on the file mbam-setup-2.x.x.xxxx.exe to install the application. (x.x.xxxx is the version)
  • Follow the prompt. At the end place a checkmark in Launch Malwarebytes Anti-Malware, then choose Finish.
  • When MBAM opens it will say Your database is out of date. Choose Fix Now.
  • Click on the Scan tab at the top of the window, choose Threat Scan, then Scan Now.
  • If you receive a message that updates are available, choose Update Now button (the scan will start after updates are completed).
  • Please be patient as the scan will take some time.
  • If MBAM detected threats, choose Quarantine for all items, then click Apply Actions.
  • While still on the Scan tab, choose View detailed log. In the window that opens, click the Export button, choose Text file (*.txt) and save the log to your Desktop.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


===

ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
Regards,
Alex

#11 WingMan71


Posted 17 September 2015 - 10:18 AM

Hello Alex,

 

My HitManPro app is a free download.

 

Here are the results of my scans:

 

MBAM:

 

No threats Found

 

ESET Online Scanner:

 

Threats found... mostly potentially unwanted applications.  Here's the Log file:

 

C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe    a variant of Win32/Systweak.L potentially unwanted application    cleaned by deleting - quarantined
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll    a variant of Win32/Systweak.N potentially unwanted application    cleaned by deleting - quarantined
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe    a variant of Win32/Systweak.L potentially unwanted application    cleaned by deleting - quarantined
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe    a variant of Win32/Systweak potentially unwanted application    cleaned by deleting - quarantined
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe    a variant of Win32/Systweak.L potentially unwanted application    cleaned by deleting - quarantined
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe    a variant of Win32/Systweak.L potentially unwanted application    cleaned by deleting - quarantined
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FG3T57VG\stubinst_pkg_en-us[1].cab    Win32/OpenCandy potentially unsafe application    deleted - quarantined
C:\Users\Bob\Documents\Downloaded\Programs and Utilities\WinZip 18\winzip180.exe    a variant of Win32/Systweak.L potentially unwanted application    deleted - quarantined
C:\Users\Bob\Documents\Downloads\CCleaner\ccsetup508.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Users\Bob\Documents\Downloads\CCleaner\OLD_ccsetup320.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application    deleted - quarantined
C:\Windows\Installer\13ff38.msi    a variant of Win32/Systweak.L potentially unwanted application    deleted - quarantined
F:\Drag-Drop_Backups\Programs and Utilities\WinZip 18\winzip180.exe    a variant of Win32/Systweak.L potentially unwanted application    deleted - quarantined
F:\WD SmartWare.swstor\BOB-DELL-3000\Volume.15623745.79d5.11e3.93ae.806e6f6e6963\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FG3T57VG\stubinst_pkg_en-us[1].cab    Win32/OpenCandy potentially unsafe application    deleted - quarantined
F:\WD SmartWare.swstor\BOB-DELL-3000\Volume.15623745.79d5.11e3.93ae.806e6f6e6963\Users\Bob\AppData\Local\Temp\is1242154493\968786_stp\HomePageDLL.dll    a variant of Win32/InstallCore.ACL potentially unwanted application    cleaned by deleting - quarantined
F:\WD SmartWare.swstor\BOB-DELL-3000\Volume.15623745.79d5.11e3.93ae.806e6f6e6963\Users\Bob\Documents\Downloaded\Programs and Utilities\WinZip 18\winzip180.exe    a variant of Win32/Systweak.L potentially unwanted application    deleted - quarantined
F:\WD SmartWare.swstor\BOB-DELL-3000\Volume.15623745.79d5.11e3.93ae.806e6f6e6963\Users\Bob\Documents\Downloads\CCleaner\ccsetup320.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application    deleted - quarantined
F:\WD SmartWare.swstor\BOB-DELL-3000\Volume.15623745.79d5.11e3.93ae.806e6f6e6963\Users\Bob\Documents\Downloads\CCleaner\ccsetup508.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
F:\WD SmartWare.swstor\BOB-DELL-3000\Volume.15623745.79d5.11e3.93ae.806e6f6e6963\Users\Bob\Documents\Downloads\CCleaner\OLD_ccsetup320.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application    deleted - quarantined

 

Question:

 

Should I check the box to "Delete Quarantined Files" before clicking Finish on the ESET app, or just click Finish?  Also, what about "Uninstall application on Close"?  Should I check that as well, or is it OK to leave the app on my system?

 

Thanks again!
 


Edited by WingMan71, 17 September 2015 - 10:20 AM.


#12 Sintharius


Posted 17 September 2015 - 10:21 AM

I think you can delete the files ESET quarantined.

It doesn't look like anything serious - try using the computer for some time and see if there are any more problems. If anything surfaces then let me know.

#13 WingMan71


Posted 17 September 2015 - 10:47 AM

Hello Alex,

 

Thanks very much for your help with this problem.

 

So far today my computer has been running just fine, like before all of this happened.  Yesterday it ran fine all day as well.  None of the symptoms I had for the past month or more have reoccurred.

 

I'll keep using it and see if it stays nice and stable.  Hopefully, all is well now.

 

Thanks again!

 

Bob





